DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain
contains five servers. The servers are configured as shown in the following table.
You plan to implement Network Access Protection (NAP) with IPSec enforcement on all client computers.
You need to identify on which servers you must perform the configurations for the NAP deployment.
Which servers should you identify? To answer, drag the appropriate servers to the correct
actions. Each server may be used once, more than once, or not at all. You may need to drag
the split bar between panes or scroll to view content.
This is a weird question because both HRA and HCAP cannot exist without the NPS role installed; therefore Server4 and Server5 are also NPS servers.
Create health policies: Server4
Configure NAP Enforcement method: Server 3
Create remediation server groups: ??? Remediation server groups are not used in an IPsec enforcement design.
See here:
http://msdn.microsoft.com/en-us/library/dd125312(v=ws.10).aspx
The three options are NPS
I think it would be:
Create Health Policies: Server 4
Configure NAP Enforcement method: Server 3
Create remediation server group: Server 1 (because you do not have to configure it for NAP with IPsec Enforcement)
See Microsoft article from Emo
only this explanation.. which one is correct
1. Answer is Server3
You can create health policies in Network Policy Server (NPS) by naming the policy, setting the type of client system health validator (SHV) check, and adding one or more SHVs to the new health policy.
https://technet.microsoft.com/en-us/library/cc726005(v=ws.10).aspx
2. Answer is server 1
NAP clients in a domain environment are typically configured through Group Policy. When a NAP client computer receives NAP settings from Group Policy, it will ignore its local settings. For example, it is not possible to enable one NAP enforcement client in Group Policy and another enforcement client in local policy. To configure NAP client settings in Group Policy, you must use a computer with the Group Policy Management feature installed. This feature is installed automatically on a domain controller running Windows Server 2008 and Windows Server 2008 R2. This feature can be installed on a member server running Windows Server 2008 or Windows Server 2008 R2. You can use Group Policy to configure NAP settings on NAP clients running Windows Server 2008, Windows Server 2008 R2, Windows Vista, Windows 7, and Windows XP SP3.
https://msdn.microsoft.com/en-us/library/dd125319(v=ws.10).aspx
3. Answer is Server3
You configure remediation server groups on the Network Policy Server and reference a particular remediation server group as part of the network policy for non-compliant computers.
https://technet.microsoft.com/en-us/library/bb681061.aspx
https://technet.microsoft.com/fr-fr/library/dd314153(v=ws.10).aspx
Thanks Eric. I are correct.
2. Answer is server 1
https://msdn.microsoft.com/en-us/library/dd314162(v=ws.10).aspx
I meant: you are correct
Create Health Policies: Server 3
Configure NAP Enforcement method: Server 3
Create remediation server group: Server 3
See: https://ripusudan.wordpress.com/2013/03/19/how-to-configure-nap-enforcement-for-dhcp/
That is wrong. You do not use a remediation server group within an IPSec enforcement scenario. The link describes an implementation of NAP DHCP-Enforcement.
Two different things buddy.
NAP with IPSec Enforcement uses the IPSec Firewall settings to decide which computer is allowed to communicate or not.
Eric is right. You must tell the client if and which NAP enforcement it has to use. This is done by a GPO.
-> Microsoft provides a Step-by-step guide. Read that: https://www.microsoft.com/en-us/download/details.aspx?id=12609
Create Health Policies: Server 3
Configure NAP Enforcement method: Server 3 (NAP enforcement is also configured on the NPS server)
Create remediation server group: Server 3
See: https://ripusudan.wordpress.com/2013/03/19/how-to-configure-nap-enforcement-for-dhcp/
Server 3 -> Create health policies
Configure NPS as a NAP health policy server…
Server 4 -> Configure the NAP enforcement method
To implement IPsec enforcement, you must install additional software components on the network. You must have a Health Registration Authority (HRA) to act as an enforcement point, and a CA to generate health certificates…
Server 1 -> Domain Controller
With IPsec NAP enforcement, all remediation servers should be configured as boundary servers
Sorry… the correct answer is 3 3 1
I think everyone agrees Create Health Policies is Server 3.
From MSDN:
‘You can configure NAP clients through Group Policy or local computer policy’
So Answer for Configure the NAP Enforcement method: Server 1
From TechNet:
‘You configure remediation server groups on the Network Policy Server and reference a particular remediation server group as part of the network policy for non-compliant computers’
So Answer is:
Create Health Policies: Server 3
Configure NAP Enforcement method: Server 1
Create remediation server group: Server 3
For remediation server group, answer is server1 (GPO on DC).
“To allow noncompliant computers to access servers offering system or antivirus updates, some additional configuration of these servers is needed to prevent network traffic from being blocked. The method to enable this network traffic through depends on the enforcement method used, but it can be as easy as assigning a static IP address (for DHCP enforcement) or configuring less-restrictive IPsec policies using a GPO.”
Paul Ferrill; Tim Ferrill. Exam Ref 70-413: Designing and Implementing a Server Infrastructure.
For step-by-step configuration:
http://www.microsoft.com/en-us/download/details.aspx?id=12609
Answers are:
Health Policies: Server3
NAP enforcement method: Server1
Remediation Server groups: Server1
IPsec enforcement
In an IPsec enforcement design, remediation servers should be placed in the IPsec logical boundary network. You must issue NAP exemption certificates to remediation servers and configure IPsec policy so that they can freely communicate with noncompliant computers. Placing remediation servers in a remediation servers group in the NPS console has no effect on access to these servers when you use NAP with IPsec enforcement.